The old ways no longer suffice--and forward-looking enterprise-wide risk integration and stress-testing is the new reality for banks and their ALCOs.
The key risks that ALCOs have traditionally been tasked with managing (i.e. liquidity, interest rate, capital/earnings) have never been more interrelated than today. Ignoring the interaction of these risks and maintaining them in separate silos will put an institution in jeopardy not only from a regulatory perspective, but because financial performance will be impacted as well.
In addition, other organizational risks have entered into the fray--notably credit and operational risk--and while these risks may not be directly managed by ALCO, their influence and impact must be clearly understood and communicated.
Regulators have come to expect “what-if” simulations and stress-testing that illustrate the impact that various potential business strategies, assumptions, events, and circumstances may have on the bank’s balance sheet and risk profile. But it’s not just an exercise for the regulators.
For many, the transformation from a regulatory risk-review ALCO to a more proactive decision-oriented ALCO will be a challenge that will require training and on-going education to facilitate. Organizations that invest in this education for both management and the board will be in a much better position to succeed.
Paradoxically, one danger, as the ALCO discipline expands, is overkill.
With this expanded risk management framework, maintaining a simple set of risk limits and guidelines is becoming more challenging. Examiners are expecting more and more limits to be defined--ALCO and board risk reports are expanding rapidly.
It is easy to succumb to regulatory pressure and add a multitude of risk limits. However, this is coming at a cost. The price is time, energy, financial expense, and most important: decision-making focus and effectiveness.
In some instances, we have seen executive “summaries” become as large as the detailed portions of ALCO packages with scores of risk limits and triggers. This results in ALCO groups and banks’ boards expending an excessive amount of energy to review and address all this material.
If this regulatory emphasis continues, we could conceivably have hundreds of limits or triggers to contend with. But to what benefit?
Also, distinguishing between primary (core) and secondary risk measures and developing differing response levels for the various risk measures can go far in reducing the ongoing impact and burden on ALCO and the board.
It is also important to ensure that your various risk management policies interrelate well with one another and represent operating philosophies and risk tolerances in a consistent fashion. To this end, there is a growing trend towards policy consolidation--bringing all of the risk management policies under one cover.
Banks need to merge policies such as investments, liquidity and funds management, liquidity contingency, interest rate risk, ALCO, hedging, brokered deposits, capital planning, and credit under one umbrella. The benefit of doing so: Common interrelationships, measures, limits and stress-testing activities can be more effectively presented.
You can be certain, however, that the bar has been raised. And you will be expected to do more than you are today.
At its core, integrated stress-testing involves the use of a financial forecasting model with the ability to dynamically simulate earnings, capital, cash flow, and value under varying stress parameters. These stress parameters can be related to changing market conditions; local, regional, and national economic issues; and events or systemic crises. The duration of these factors may be short-term or more long-term in nature. In addition, stress-testing involves evaluation of key modeling assumptions and their respective impact on results.
Developing the “right” stress-tests is not a simple matter.
Every bank’s balance sheet and risk tolerances differ. Risk managers must develop a set of stress parameters that are meaningful and plausible to the organization. Moreover, once these stress parameters are established, they need to be revisited with regularity--often quarterly--to ensure they are still valid and representative of potential adverse conditions the bank could face.
In addition to comparing results to already-established policy limits and guidelines, evaluating the impact on the bank’s overall risk monitoring system--“early warning” triggers--is expected. To the extent that policy violations occur or that triggers are reached, additional analysis and resolution strategies will be expected. Lastly, these stress scenarios are going to include numerous assumptions which need to be logical and well documented and in some instances supported through quantitative and qualitative studies.
In many instances, larger banks are one step ahead of smaller ones because the regulatory and international mandates for more robust risk management and stress-testing have been pursued more rigorously by policymakers and regulators. Community banks face the greatest challenge, because the information systems infrastructure, expertise, and related expenses are significant.
And when organizations’ bottom lines are already under significant strain, this can be especially burdensome.
Outsourcing and co-sourcing (shared modeling and analysis activities) is becoming a more prevalent solution as organizations seek ways to manage the costs and ensure adequate effort and expertise is being applied. However, an extra level of due diligence is required to confirm that your prospective outsourcer has the requisite expertise and experience necessary to meet the growing and evolving demands of Enterprise Risk Management.
The concept of Enterprise Risk Management is far from new, but its evolution and broadening to include all aspects of operational risk is, and cannot be dismissed. It is important that organizations recognize the critical importance of integrated risk management, and the convergence and interrelationship between the various balance sheet risks.
The great risk is that which comes from doing nothing.
About the author
During his tenure at DCG, he has served in various capacities including Director of Financial Analytics. In addition, he has served as a technical resource for the development of DCG’s products and services.
Prior to joining DCG in 1992, he managed the asset liability management and strategic planning process for a large regional bank in the Northeast.